January 2006

Quocirca Insight Report

Mobile Security and Responsibility


Taking the right attitude to secure mobile technology

When companies extend their business IT operations to mobile employees, their risks are increased as valuable software, data and devices are taken out of the protected perimeter of the office, and placed in the pockets, pouches and briefcases of users. Business processes may run more efficiently, and employer and employee have more flexibility in how they conduct their working practices, but do both parties give sufficient attention to their responsibilities? There is a tendency to believe that where there are challenges with a particular use of technology, the solution is to apply yet more technology, but this is of little benefit if the attitudes to its use are complacent or irresponsible.

KEY FINDINGS

• Workplace flexibility is at least as important a driver for mobility as productivity
While efficiency and productivity are clearly important justifications for adopting new technology, workplace flexibility is the top reason for interest in mobile technology for three quarters of IT professionals. However, those companies that deploy the technology most widely are those with a corporate strategy for mobile working.

• Mobile security policies are described as ‘vital’ but largely not well implemented
While the vast majority of IT professionals believe it is vital for security policies to cover the use of mobile, wireless or cellular devices, a third do not have such a policy in place. Although this is less for those with more widespread deployment, still one in five of those companies with broad deployments of both wireless laptops and smart handheld devices do not have effective policies in place for mobile security.

• Users are recognised as a problem, with attitudes that are often irresponsible and careless
It is widely realised that mobile users create more challenges than the technology, and alarmingly, a significant percentage of companies think their mobile users have an irresponsible attitude to security, even among those with experience of broad usage.

• Over-communication helps generate the right attitudes to user responsibilities
While intranets and emails are default ways to explain policy, many companies take advantage of two-way communication through training, employee induction and management. This is more pronounced for those with experience of larger deployments, and these companies are more likely to believe their users understand what they have to do and more likely to behave responsibly.

• Many organisations are not setting the right examples
Most recognise that security is a shared responsibility between organisation and individual employee, but even where security policies are present they are not strictly enforced in over a third of companies. There is a lack of clear leadership from the organisation, and uncertainty as to whether employees in senior positions take security sufficiently seriously.

• IT managers are cautious and pessimistic about the difficulties caused by mobile devices
While plenty of emphasis is placed on security, and most IT managers believe smart handheld devices should be protected by a PIN or password, a worrying one in five do not regard a mobile security policy as vital. Half believe mobile users have an irresponsible attitude to mobile security and although many users are given at least some choice of device, IT managers prefer to have a single corporate standard for everyone.

• But general business managers optimistically tend to underestimate the problem
While most believe a mobile security policy is important, a third do not believe this to be vital, and they are more likely than IT managers to believe that users are responsible. They are twice as likely to allow users to choose whatever device they want, and would tend to leave it to individual users to decide whether they want to use a password or PIN on their device.

RESEARCH NOTE:
The primary research data upon which this report is based is derived from 2035 online interviews conducted in the fourth quarter of 2005 on behalf of Orange. Respondents were predominantly IT professionals, representing a mixture of supplier and end user organisations. Geographic location was specifically identified, with just under half outside the UK.

Contacts:

Rob Bamforth
Quocirca Ltd
Tel +44 1264 393359
rob.bamforth@quocirca.com

Bob Tarzey
Quocirca Ltd
Tel +44 1753 855794
bob.tarzey@quocirca.com

Orange Media Centre
Tel +44 207 984 2000

An independent study by the primary research division of Quocirca Ltd.

www.quocirca.com

CONTENTS
1 INTRODUCTION
2 CHALLENGES OF MOBILE SECURITY
3 SETTING POLICIES
4 USER RESPONSIBILITY
5 INVOLVEMENT AND COMMITMENT
6 REALITY BITES
7 CONCLUSIONS
7.1 ACKNOWLEDGEMENTS
APPENDIX A – CREATING THE RIGHT ATTITUDE
APPENDIX B – INTERVIEW SAMPLE DISTRIBUTION
REFERENCES
ABOUT ORANGE
ABOUT QUOCIRCA

Copyright 2006 Quocirca Ltd www.quocirca.com January 2006


1 Introduction

The safe and secure use of technology is a legitimate concern for any business, and this is often raised when considering the use of mobile technologies. Once systems or access leave the office, many problems may arise.

Increasingly smaller and more lightweight devices can be lost, forgotten or stolen with relative ease. According to a recent survey of taxi drivers, thousands of laptops and many more mobile phones are left on the seats of taxis in cities around the world every day. How should a company address the security issues of small or mobile devices? Is the answer a technology solution or is it more about user responsibility?

This report examines the impact of user attitude on mobile security. It is intended to be read by managers with existing mobile projects or those who are embarking on new projects, either initial pilots, or extensions of existing deployments. It offers them a peer review and information for discussion both internally, and with existing or potential suppliers.

As background to the report, interviews were conducted in connection with a popular online news site. Of the 2035 respondents, 35% have broad experience of wireless laptops, 19% have broad experience of smart handhelds, with around a further 55% in each case having more limited or unofficial experience. For brevity, those with broad experience of all devices are described as committed leaders throughout this report.

2 Challenges of mobile security

The term ‘mobile device’ includes many products in what is a rapidly evolving area, but this report focuses on laptops and smart handhelds. Laptops include notebooks, tablets or portable PCs based around the Microsoft Windows operating system.

Smart handhelds are defined for the purpose of this report as handheld or pocket-able devices that connect to a wireless or cellular network, and can be installed with software. This includes networked PDAs and smartphones, and the report uses the term ‘handheld’ as an all-embracing term.

Both laptops and handhelds bring two challenges to IT: they carry information outside of the physically controlled systems, and offer remote access back to the protected environment.

The first step is to recognise the scale of the challenge, and where to apply the most effort. Despite much adverse publicity concerning the problems of computer viruses, both real with laptop computers, and still relatively only emerging with handhelds, previous research¹ shows that those with broad experience of both are more concerned with losing data (Figure 1).

[Figure 1: What are the most important mobile security issues? (Those with broad experience of both wireless laptops and smart handhelds). Bar chart, 0% to 80%. Categories: Data falling into wrong hands through theft or loss; Data loss through device theft or damage; Unauthorised network access; Viruses; Snooping of data passing over a wireless network. From ‘Mobile Devices and Users’ – Summer 2005]

In many cases of data loss, the actions of the user leading up to the event will play an important part; was the device dropped, was it left unattended, or was it simply mislaid? How each user views their responsibility for the safety and integrity of the device will affect any attempts at securing its usage.

When Quocirca² explored general corporate data risks in 2004, remote or wireless access was not seen as the highest current threat, but the one growing most significantly in the future (Figure 2).

[Figure 2: What do you feel are the major causes of corporate data risk, now and in the future? Bar chart, 0% to 100%. Categories: Human incompetence, threat from disgruntled employee; Computer, network or software failure; Increasingly clever methods of attack, e.g. more complex viruses, spyware; Theft of corporate equipment; Extension of corporate network through remote working, wireless access; Hacking or competitor espionage; Terrorist Threat, natural disaster, fire. Series: Now; Future; Not a major issue. From ‘IT Security – Bridging the Gap’ – Summer 2004]

However, many of the other identified concerns surrounding corporate data risk are increased by the use of mobile access. Smaller devices outside the physical protection of the office are more vulnerable to theft, loss or damage. They are also susceptible to unauthorised access and malicious software such as viruses.

While users cannot be held entirely responsible for virus or malware attack, their actions can affect the level of risk. If they are aware of the extent of the security challenges faced by the organisation, the consequences of a failure, and their own duty towards safeguarding corporate assets, they are more likely to adopt a more responsible attitude to mobile security.

3 Setting Policies

The starting point in any organisation is to establish what the company’s business security policy should be, and how that will then impact on defining appropriate IT policy or procedures.

This is important whether the company plans to officially adopt the technology or not, since, as the cost of mobile technology products and devices is dropping and their capabilities are rising, users will bring them into the business unofficially or as personal tools.

Unofficial use occurs whether companies permit it or not, and should not be ignored. This happened from the outset with Personal Digital Assistants (PDAs), and has continued with smartphones, iPods and memory sticks. Companies should be aware, and set blanket policies to cover all types of technology not officially sanctioned.

As security is always a major IT concern and mobile devices of all types are proliferating, it would be reasonable that all companies should see the need for a security policy that covers mobile devices. However, a small but significant percentage do not see this as vital (Figure 3).

[Figure 3: How important do you regard the need for a security policy to cover the use of mobile, wireless or cellular devices? Bar chart, 0% to 80%. Categories: Vital or very important; Fairly important; Useful, but not essential]

Looking closer at the figures reveals a greater concern. IT managers are more aware of the need for a security policy than those in general management roles, but even so, one in five do not see it as vital (Figure 4).

A much larger percentage of general managers have the same over-relaxed approach, and this is often reflected in the comments of IT managers who have to pick up the pieces after a failure. It should be a business imperative to take security seriously, and an IT imperative to implement and support that business imperative.

[Figure 4: How important do you regard the need for a security policy to cover the use of mobile, wireless or cellular devices? Bar chart, 0% to 80%. Categories: Not vital; Vital or very important. Series: General management; IT management]

Even though four out of five see the necessity of a policy, only three quarters of these overall actually have a security policy that specifically covers the use of mobile technology (Figure 5). This may be due to a lack of experience, or time pressures, but it is best to define a mechanism to let all employees in the company know where they stand on security issues right from the outset.

Those with experience of dealing with the challenges of managing laptops, and emerging mobile devices, such as smart handhelds, the committed leaders, are, however, more likely to have a policy in place.

Worse, there are too many who do not take the security policy they have seriously enough to keep it strictly enforced. This sets a bad example to users, and is likely to be one reason why user attitudes towards mobile security are often seen as careless.

[Figure 5: Do you have a security policy that covers the use of mobile, wireless or cellular devices? Bar chart, 0% to 60%. Categories: Yes, and it is enforced; Yes, but it's not strictly enforced; We have a security policy, but it doesn't specifically cover mobile usage; We don't have a policy. Series: All; Committed Leaders]

Enforcement is not about punishing careless behaviour, although that should be taken as a last resort, otherwise it will not have the desired deterrent effect. Users must believe that a policy has teeth; otherwise any further communications about changes, improvements or responsibilities will simply be ignored.

Humans learn from childhood how to push the limits of what is, or is not permitted, and discipline with merely the threat of punishment goes a long way towards encouraging responsible attitudes.

4 User responsibility

The complexity of many technology projects can create a tendency to focus more on the technical aspects of implementation than on the social and human aspects of usage. This approach can easily lead to the failure of a project, when the productivity and efficiency gains that were expected evaporate when users find the solution is too complex, or does not fit well with their working patterns.

Getting users involved early, so their feedback can be heard, generates buy-in and increases the likelihood that users will understand their responsibilities. Most companies recognise that users’ issues are as important as or even more important than the challenges from the technology (Figure 6). What they must ensure is that users feel like an integral part of the solution, not an afterthought.

[Figure 6: What are the key challenges for deploying mobile devices: technology challenges or those relating to users and the working process? Bar chart, 0% to 50%. Categories: Technology challenges are most important to address; Both are equally important; It is more important to deal with users issues]

Increasing their commitment encourages users to take more responsibility for the mobile assets, both the device and the data on it. While most believe this responsibility is shared between the individual employee and the organisation, once outside the protection of the office environment, the onus has to rest further on the individual (Figure 7).

[Figure 7: Should the responsibility for keeping a mobile device and the data on it safe and secure lie with the individual user or with the organisation? Bar chart, 0% to 80%. Categories: It's a joint or shared responsibility; Mainly with the individual; Mainly with the organisation]

For its share of the responsibility, the organisation has a duty to equip the employee with the tools and confidence they need to operate securely.

This can include smart technology to synchronise, lock, remote control or protect from viruses, but more importantly, users must be informed what to do in any situation where security may be compromised - who to ring, what to say or do, and how quickly to do it. This comes from acceptance and adherence to the code of conduct, outlined in the security policy.

Unfortunately the organisation also has to accept that failures will occur and mitigate the effects of a loss or a break in security. For the business this will include recovery procedures and ultimately insurance. For the individual concerned, there should be a process to discover what went wrong, check whether an employee was at fault, and take appropriate action.

This may be disciplinary or simply financial redress, but it has to be clear, consistent and anticipated by the employee. Line managers and personnel or HR departments play a major part in encouraging the right attitude, but in this area at least, it seems managers take an optimistic view of the attitude of employees (Figure 8).

[Figure 8: What best characterises the attitude of mobile users in your organisation to security? Bar chart, 0% to 80%. Categories: Responsible; Irresponsible. Series: General management; IT influencer or IT manager]

Those involved in the IT processes of deploying and managing the use of mobile devices recognise the problem most often lies with user attitudes. Users are seen as “lacking in common sense” or “careless” while managers are “cavalier” or “ignorant” about the impact of security threats and fail to punish persistent offenders or violators of security policies.

Clear leadership and a consistent approach are important. No matter what the level of seniority of employee, each is responsible for the organisation’s security. Some responses noted that senior management set a “very poor example”, and although many believed the person responsible for setting security policy took precautions for securing their own mobile device, many were unsure (Figure 9).

[Figure 9: Does the person responsible for setting security policy in your organisation (e.g. IT director/CIO, CEO) protect their smart handheld mobile device with a PIN? Bar chart, 0% to 50%. Categories: Yes; No; Don't know]

It is better for senior managers to be open and public about their support for security measures, rather than quietly abiding by them. This support must be real, however, and it would be a disaster if someone supporting a strong security policy was found out to be flouting it themselves.

5 Involvement and commitment

Although many users build strong personal attachments to the mobile devices they have, these are, after all, business tools for improving working processes. Allowing users complete freedom to choose their own devices may satisfy their desire to carry the coolest gadget, but it will make the task of device management and security much harder.

Giving users no choice whatsoever can be a hard rule, and must be applied consistently as a corporate standard. Better still is to give some, if only limited, choice as this will
increase user buy-in, and ensure that the right tool is available for the right task. This is the approach most often adopted by the committed leaders (Figure 10).

[Figure 10: Typically, how involved are users in the process of selecting what type of mobile devices they will use in their job? Bar chart, 0% to 40%. Categories: Users are given a device suitable for their role; Users are offered a limited choice of suitable devices; We have a single corporate standard for everyone; The only usage is where an employee has a device of their own; Users are broadly allowed to choose what they want. Series: All; Committed Leaders]

It is important that users understand why decisions have been made to limit choices, especially if there is only a single corporate standard. While they might favour one make of laptop over another, or have aspirations of using a particularly fashionable smartphone, most will prefer continued fulfilling employment with a profitable company offering rewarding salaries over one that is spending more than is strictly necessary on technology.

As well as the decision processes which lead to the definition of policy, users need to be made fully aware of the policy itself. This has to be done early and ideally at the key start points – when the employee joins the company, and when they accept a mobile device or devices (Figure 11).

The importance of specific training is especially noted by those with broad experience of deploying mobile devices. Although many users could indeed find out how to make use of devices from manuals, a formal program of training ensures that best practices can be shared, and the responsibilities of security and good mobile communications etiquette can be understood. This reduces the potential for misunderstanding and problems later during usage.

[Figure 11: How are users made aware of the mobile security policy? Bar chart, 0% to 80%. Categories: Through an intranet; In new employee introduction / induction process; As part of training for mobile users; Their manager tells them; A one-off email outlining security policy; Regular reminder emails; We don’t have a policy. Series: All; Committed Leaders]

As mobile security policy is something that is likely to change markedly over time when new devices or solutions emerge, or new threats are identified, this awareness must come as part of ongoing communication.

Again the committed leaders with experience recognise the need to target communications with the mobile user closer to their point of need, sending reminder emails and presenting it on the intranet. It is important that this information is not hidden away, but displayed or linked prominently. It is also important to ensure that support lines are clear and simple, with a single support number or email address to be used in the event of a problem.

6 Reality bites

Despite the best efforts of those with broad experience of both laptops and smart handhelds, it is clear that a challenge remains. Committed leaders take communications with users and their education seriously, and it does increase their level of responsibility (Figure 12).

[Figure 12: What best characterises the attitude of mobile users in your organisation to security? Bar chart, 0% to 50%. Categories: They are responsible and know what they have to do; They feel responsible, but don't know what to do; They don't care; They don't believe it is their responsibility; An arrogant, I know best, attitude. Series: All; Committed Leaders]

However, even here over a third of users have a poor attitude, and behave carelessly or arrogantly with mobile technology. While effective communications have made users more aware of what they have to do, it has not substantially improved their acceptance of responsibility.

The attitude of management plays a key role in influencing employee behaviour. The punitive side of this is to enforce policies with penalties for failure to comply, or by passing some of the financial burden of replacement after irresponsible actions, but this is already after the event.

Better to treat the whole process of mobile deployment, and the devices themselves as a serious part of extending the business, and not simply the allocation of a few flashy gadgets to an elite few. Line-of-business managers generally underestimate the complexity of this challenge more than their IT counterparts (Figure 13).

[Figure 13: How does the challenge of deploying smart handhelds compare to deploying wireless laptops? Bar chart, 0% to 40%. Categories: No more difficult than deploying wireless laptops; Smart handhelds are more of a challenge. Series: General management; IT management]

Taking the process seriously means that users have to feel they are being entrusted with something important, that will
be of value to them in their working role or career, and be worthwhile for the business. This means:

- involve them early to gain feedback and buy-in
- tailor to the needs of their role
- set understandable standards and policies
- provide training ahead of implementation, not after
- offer full support during the process
- get feedback afterwards to refine

Taking an interactive and consultative process with users does not mean bowing to their wishes, and organisations need to set standards. However there is a danger that different decision makers will take a more simplistic view – managers wanting an easy life will allow too much choice, IT managers for a similar reason will want to limit to a single standard (Figure 14).

[Figure 14: For committed leaders – Typically, how involved are users in the process of selecting what type of mobile devices they will use in their job? Bar chart, 0% to 40%. Categories: Users are broadly allowed to choose what they want; We have a single corporate standard for everyone. Series: General management; IT management]

Both IT and line managers need to understand the issue as getting user buy-in is critical to the security process. From earlier Quocirca research¹ it was apparent that even those with broad experience of smart handheld deployment had a more lax attitude to the security of these devices than laptops. Although confirmed usage of PIN or password protection at senior levels is less than clear (Figure 9), hearts are mainly in the right place, at least for IT managers (Figure 15).

[Figure 15: For committed leaders – should smart handhelds have a PIN or password? Bar chart, 0% to 100%. Categories: Doesn't matter or leave it to the user's choice; Smart handhelds should be protected. Series: General management; IT management]

Once again, general business managers have a more lenient view of users in general, and from IT management observations, this may very well be because so many managers have a lax approach as users themselves.

7 Conclusions

Decisions can be driven by a fascination with the technology for the latest ‘toy’ or ‘cool gadget’ rather than something suited to a business need. This means the impact on technology infrastructure and human working processes tends to be pushed to one side.

The question to address is a simple ‘why deploy mobile technology at all?’ Where a business case can be made, suitable technology will provide a return on investment, but the driving forces are generally more complex than a simple productivity gain (Figure 16).

[Figure 16: What is driving the interest in mobile technologies? Bar chart, 0% to 100%. Categories: Workplace flexibility (e.g. hotdesking, home working); Fascination with the technology; Increased organisational efficiency; Need to increase individual productivity; To improve customer service; Corporate strategy. Series: All; Committed Leaders]

However, security is often the largest obstacle to progress, and this is massively influenced by user attitude as well as the technology infrastructure. In many ways the arguments are difficult to rationalise as the impact of security breaches or failures is difficult to comprehend, especially to those outside the IT discipline.

The business potential for increased workplace flexibility and productivity or efficiency can only be realised if users are fully committed to the process. This commitment has a double benefit. Not only does it help ensure that expected productivity gains materialise, but it also adds to the integrity and security of the solution.

Both IT and business managers can gain benefit from this, but each in their own way has to accept the validity of the views of the other, and find a compromise that takes neither a too optimistic, nor a too pessimistic point of view.

7.1 Acknowledgements

This kind of research is crucial to all of us in the business and IT community - suppliers and customer organisations alike. We would therefore like to thank all of those participants who contributed so generously, with patience and good humour, towards a better understanding of issues in this important area.


Appendix A – Stimulating a Responsible Attitude


Even companies with well thought out policies and well implemented solutions need to generate the right
attitude and approach to security among their users. This check list serves as a reminder for those experienced
in mobile device management or as a discussion document for those validating their concerns with a third party.

• Sensible policy. Ensure that the security policy is based on good business sense and a rationale
that can be justified as a means of protecting the assets of the business, operating in the best
interests of employer and employee.

• Engage users with consultation, not prescription. Communicate early with potential users
and their representative bodies, create trust and expect responsible behaviour. Demonstrate the
security challenges the business faces, the measures the organisation will put in place to tackle
them, and how they as users are expected to play their part.

• Fit solutions to user and business needs. Technology can be used to support the needs of the
business and still be adapted to the more individual needs of users. Forcing the adoption of one
solution across a mix of needs or use cases will be counterproductive.

• Train before, support during. Do not leave anything important to be found out, discovered, or
decided upon by individual users. Run comprehensive training, use workshops and participation
to establish best practices and etiquette that users can buy into. During and after deployment
ensure that users are kept informed and updated with any matter concerning mobile policy and
that they have a simple and straightforward route for getting support.

• Lead from the top. Not only from the top, but everywhere. Be consistent in the application of
policy, from the options available to the rules enforcing security. Do not make exceptions for
senior or more experienced staff. They may or may not be less of a risk, but they are the most
visible role models.

• Enforce. Policies must have teeth to be effective, and there are times when rules must be
enforced. Consequences must be clear and understood from the outset, so that violators are
neither surprised nor feel aggrieved. As with any form of disciplinary practice, enforcement
should scale according to severity and frequency of the problem.

• Keep a sense of perspective. Not everyone will be sufficiently responsible or have the right
attitude to support the organisation’s security policy. Ensure that a safety net of measures is in
place to deal with the most likely eventualities – backup, contingency and insurance all have
their part to play. Apply pragmatism, and weigh up the advantages against the risks and costs.

Copyright 2006 Quocirca Ltd www.quocirca.com January 2006



Appendix B – Interview Sample Distribution

Figure 17: Respondent by role (pie chart)
IT management 35%; Software development 19%; An influencer of IT purchases 18%; Undeclared/other 14%; General management 12%; Work in telecoms services 5%

Figure 18: Respondent by Company Size (pie chart)
0 - 49: 33%; 50 - 499: 23%; 1,000 - 4,999: 13%; 5,000 - 9,999: 6%; 10,000 +: 18%


About Orange
Orange was launched in the UK in 1994 and has been at the forefront of innovation in the mobile world ever since, becoming one of
the UK’s leading operators with 14.2 million customers.
One of the world’s largest mobile communication companies, Orange operates in 19 countries with 50 million customers worldwide
and has services available in more than 140 countries across five continents.
Orange Business Solutions was launched in 2001 to service the UK business community. Now catering for all businesses, from the
sole traders to multinationals, Orange has the fastest growing share of the business market in the UK. Internationally, Orange
Business Solutions has over three million business customers worldwide and supports over half of the Fortune 100 companies in
Europe.
More information: www.orange.co.uk/business


About Quocirca
Quocirca is a UK-based perceptional research and analysis company with a focus on the European market for information
technology and communications (ITC). Its analyst team is made up of real-world practitioners with first-hand experience of ITC
delivery who continuously research and track the industry in the following key areas:

o Business Process Evolution and Enablement
o Enterprise Applications and Integration
o Communications, Collaboration and Mobility
o Infrastructure and IT Systems Management
o Utility Computing and Delivery of IT as a Service
o IT Delivery Channels and Practices
o IT Investment Activity, Behaviour and Planning

Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to
transform businesses and the processes that drive them, but often fails to do so. Quocirca’s mission is to help its customers improve
their success rate.
Quocirca has a pro-active primary research programme, regularly polling users, purchasers and resellers of ITC products and
services on the issues of the day. Over time, Quocirca has built a picture of long term investment trends, providing invaluable
information for the whole of the ITC community.
Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for
business. Quocirca’s clients include Morgan Stanley, Vodafone, Oracle, Ericsson, Microsoft, Orange, IBM, O2, CA and Cisco.
Sponsorship of specific studies by such organisations allows much of Quocirca’s research to be placed into the public domain.
Quocirca’s independent culture and the real-world experience of Quocirca’s analysts, however, ensure that our research and
analysis is always objective, accurate, actionable and challenging.
Most Quocirca research reports are available free of charge and may be requested from www.quocirca.com. To sign up to receive
new reports automatically as and when they are published, please register at www.quocirca.com/report_signup.htm.

Contact:

Quocirca Ltd
Mountbatten House
Fairacres
Windsor
Berkshire
SL4 4LE
United Kingdom

Tel +44 1753 754 838
Email info@quocirca.com
